First, if I were a student at CMU, I would complain about having a corporate trojan installed on my machine. How long before somebody reverse engineers the protocol for this 'client security agent' and turns this software into a backdoor on unsuspecting student's machines.

Second, if I were a professor, I'd ask why the IT department can't set up a faculty network separate from the student body. Do some bandwidth shaping here. Give the faculty network a separate, dedicated amount of bandwidth. (I'm imagining they do this already, but I'm answering some the responses here.)

Third, if I were a high enough ranking member of CMU's IT department, I'd be asking why we want to touch all those student computers anyway. I really don't want the department to be saddled with the help desk issues resulting from this bastard 'client security agent' malware anyway. Quarantine the non-conforming students. If these students are willing to sign waviers, put them on a separate network, firewalled from the conforming students. It's up to them to firewall their machine. Block the obvious P2P traffic (or do some intelligent bandwidth shaping). Students who wish to conform get put on the other network. Plus, by a good anti-virus solution for everybody (like Avira or NOD32). Once again, anyone who doesn't conform to this policy gets put on the quarantined network, plus they sign the waiver stating they understand the risks.

Fourth, hire me as CMU's CIO.... (Forget it, Michigan is in the toilet as a state anyway...)